MxxCon
join:1999-11-19
Brooklyn, NY

MxxCon

Member

Disappointing?

One of the most commonly used cryptography components in the open-source world had what appears to be such a trivial bug introduced and undetected for ~2 years.

Makes me wonder if security audits indeed happen on such projects...
zed260
Premium Member
join:2011-11-11
Cleveland, TN
Netgear R7000

1 recommendation

zed260

Premium Member

A few things: first, it's impossible to catch every bug in software; to do so would mean you're inhuman.

Second of all, as best I can tell, this bug, even though it affected a lot of sites, I don't think was widely exploited in those 2 years. From the looks of it, we would have heard of it a lot sooner if it was.

I'm sure given enough time there will likely be loads more bugs found in SSL and all other software. There is no such thing as bug-free software.
WhatNow
Premium Member
join:2009-05-06
Charlotte, NC

1 edit

WhatNow

Premium Member

It is hard to tell what the damage has been because it does not leave any traces. I guess you could tell if company XYZ was seeing a lot of accounts taking hits but they could not see any traces of the hack like they did for Target.

One report said do not change your password for a site until that site has informed you it has updated their servers. If the site has installed the fix if the site is hacked they can steal your new password. If I understand the last paragraph of the story DSLReports have installed the fix.